<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic id="topic_iqr_ym2_jr">
  <title>Securing the Database</title>
  <shortdesc>Introduces Greenplum Database security topics.</shortdesc>
  <body>
    <p>The intent of security configuration is to configure the Greenplum Database server to
      eliminate as many security vulnerabilities as possible. This guide provides a baseline for
      minimum security requirements, and is supplemented by additional security documentation. </p>
    <p>The essential security requirements fall into the following categories: <ul
        id="ul_fwy_bn2_jr">
        <li><xref href="Authenticate.xml#topic_n5w_gtd_jr">Authentication</xref> covers the
          mechanisms that are supported and that can be used by the Greenplum database server to
          establish the identity of a client application.</li>
        <li><xref href="Authorization.xml#topic_ivr_cs2_jr">Authorization</xref> pertains to the
          privilege and permission models used by the database to authorize client access. </li>
        <li><xref href="Auditing.xml#topic_ufw_zn2_jr">Auditing</xref>, or log settings, covers the
          logging options available in Greenplum Database to track successful or failed user
          actions.</li>
        <li><xref href="Encryption.xml#topic_th5_5bf_jr">Data Encryption</xref> addresses the
          encryption capabilities that are available for protecting data at rest and data in
          transit. This includes the security certifications that are relevant to the Greenplum
          Database. </li>
      </ul></p>
    <section>
      <title>Accessing a Kerberized Hadoop Cluster</title>
      <p>You can use the Greenplum Platform Extension Framework (PXF) to read or write external
        tables referencing files in a Hadoop file system. If the Hadoop cluster is secured with
        Kerberos ("Kerberized"), you must configure Greenplum Database and PXF to allow users
        accessing external tables to authenticate with Kerberos. Refer to <xref
          href="../../../pxf/latest/using/pxf_kerbhdfs.html" scope="external" format="html"
          >Configuring PXF for Secure HDFS</xref> for the procedure to perform this setup. </p>
    </section>
    <section>
      <title>Platform Hardening</title>
      <p>Platform hardening involves assessing and minimizing system vulnerability by following best
        practices and enforcing federal security standards. Hardening the product is based on the US
        Department of Defense (DoD) guidelines Security Template Implementation Guides (STIG).
        Hardening removes unnecessary packages, disables services that are not required, sets up
        restrictive file and directory permissions, removes unowned files and directories, performs
        authentication for single-user mode, and provides options for end users to configure the
        package to be compliant to the latest STIGs.  </p>
    </section>
  </body>
</topic>
